Privacy Policy

Last updated: January 23, 2026

1. Introduction

Easy UCP ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service to integrate Universal Commerce Protocol (UCP) with your e-commerce store.

By using Easy UCP, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, store URL, product count, and platform type when you join the founders list or create an account.
  • Product Data: Product information you upload (names, descriptions, prices, images, inventory) to make discoverable via UCP.
  • Payment Information: Billing details processed securely through our payment processor (Stripe). We do not store complete credit card numbers.
  • Communication: Messages you send us via email or support channels.

2.2 Automatically Collected Information

  • Usage Data: How AI agents discover and interact with your products, query patterns, conversion rates.
  • Technical Data: IP address, browser type, device information, access times, pages viewed.
  • Cookies: We use essential cookies for authentication and analytics. See Section 7 for details.

2.3 Website Analytics and Visitor Tracking

We collect website visitor data to understand how people use our website and to improve our marketing effectiveness. This includes:

  • Page Views and Navigation: Which pages you visit, how long you stay, navigation patterns.
  • Traffic Sources: How you found our website (search engines, social media, direct links, referring websites).
  • Campaign Tracking (UTM Parameters): Marketing campaign performance data including utm_source, utm_medium, utm_campaign, utm_content, and utm_term parameters.
  • Referrer Information: The website that referred you to Easy UCP.
  • Landing Page: The first page you visited on our website.
  • Device and Browser Information: User agent string (browser type, version, operating system).
  • Session Behavior: Number of pages viewed per session, time spent on site before signup.

Analytics Tools We Use:

  • Plausible Analytics: Privacy-friendly web analytics that does not use cookies, does not track users across websites, and does not collect personal data. Plausible is GDPR, CCPA, and PECR compliant. Data is aggregated and anonymized. Learn more: Plausible Privacy Policy
  • Supabase (Database): When you join our founders list or signup, we store your email, store URL, and the tracking data mentioned above (UTM parameters, referrer, landing page, behavior metrics) in our Supabase database. This data is used solely for service delivery, email communications, and marketing analysis. We do not sell or share this data with third parties for marketing purposes.

Why We Collect This Data: Understanding how visitors find and interact with our website helps us improve our service, optimize marketing campaigns, and provide better customer experiences. For example, knowing which marketing channels bring the most engaged users helps us allocate resources effectively.

3. How We Use Your Information

We use collected information for:

  • Service Delivery: Providing UCP integration and making your products discoverable to AI agents.
  • Analytics: Showing you which AI agents discover your products and conversion metrics.
  • Platform Maintenance: Monitoring system performance, troubleshooting, and security.
  • Communication: Sending service updates, launch notifications, and responding to inquiries.
  • Payment Processing: Billing and payment verification.
  • Legal Compliance: Meeting regulatory requirements including GDPR.

4. Data Sharing and Disclosure

4.1 Public Product Data

Product information you upload becomes publicly accessible via UCP endpoints. This is the core functionality - making your products discoverable to AI shopping agents. Only public product data (names, prices, descriptions, images, inventory status) is exposed. Customer data, sales history, and internal business information are never shared.

4.2 Service Providers

We share data with trusted third parties who help us operate:

  • Stripe: Payment processing (PCI-DSS compliant). Stripe handles all credit card processing; we do not store complete card numbers.
  • Railway: Cloud hosting infrastructure for our application servers.
  • Supabase: Database hosting for user accounts, email signups, and analytics data. Data stored in Supabase includes your email, store URL, subscription tier, and website behavior metrics. Supabase is GDPR compliant and SOC 2 Type II certified.
  • Plausible Analytics: Privacy-friendly web analytics (GDPR compliant, no cookies, no personal data tracking). Plausible only collects aggregated pageview data.

All service providers are contractually obligated to protect your data and use it only for providing services to Easy UCP.

4.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. You will be notified of any such change.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security audits and monitoring
  • Limited employee access to personal data
  • Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Your Privacy Rights

6.1 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit processing of your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for data processing

6.2 California Privacy Rights (CCPA)

California residents have additional rights:

  • Know what personal information is collected and how it's used
  • Request deletion of personal information
  • Opt-out of the sale of personal information (we do not sell personal data)
  • Non-discrimination for exercising privacy rights

6.3 Exercising Your Rights

To exercise any of these rights, contact us at hello@easyucp.com. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar tracking technologies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Privacy-friendly analytics via Plausible (no personal data, GDPR compliant)

You can control cookies through your browser settings, but disabling essential cookies may affect service functionality.

8. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Account Data: Retained while your account is active, plus 90 days after closure
  • Product Data: Retained while using the service, deleted within 30 days of account closure
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely
  • Financial Records: Retained for 7 years for tax and accounting purposes

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside your jurisdiction. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the European Commission
  • Processing only in countries with adequate data protection laws
  • Your explicit consent where required

10. Children's Privacy

Easy UCP is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately at hello@easyucp.com.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

Easy UCP

Email: hello@easyucp.com

Website: https://easyucp.com

14. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at hello@easyucp.com.

15. Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.